NotCVE - vendor:"Mitsubishielectric" product:"Fx5u Firmware"

8 results (0.004 seconds)

CVSS: 10.0EPSS: 0%CPEs: 432EXPL: 1

CVE-2023-4699 – Arbitrary Command Execution Vulnerability in Mitsubishi Electric proprietary protocol communication of multiple FA products

https://notcve.org/view.php?id=CVE-2023-4699

06 Nov 2023 — Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets. Vulnerabilidad de verificación insuficiente de autenticidad de datos en los módulos principales Mitsubishi Electric Corporation MELSEC-F Series y en los módulos ... • https://github.com/Scottzxor/Citrix-Bleed-Buffer-Overread-Demo • CWE-306: Missing Authentication for Critical Function CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 5.3EPSS: 0%CPEs: 126EXPL: 0

CVE-2023-4625 – Denial-of-Service（DoS） Vulnerability in Web server function on MELSEC Series CPU module

https://notcve.org/view.php?id=CVE-2023-4625

06 Nov 2023 — Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unau... • https://jvn.jp/vu/JVNVU94620134 • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 10.0EPSS: 1%CPEs: 78EXPL: 0

CVE-2023-1424 – Denial-of-Service and Remote Code Execution Vulnerability in MELSEC Series CPU module

https://notcve.org/view.php?id=CVE-2023-1424

24 May 2023 — Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution. • https://jvn.jp/vu/JVNVU94650413 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.4EPSS: 2%CPEs: 106EXPL: 0

CVE-2022-40267 – Authentication Bypass Vulnerability in Web Server Function on MELSEC Series

https://notcve.org/view.php?id=CVE-2022-40267

20 Jan 2023 — Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial n... • https://jvn.jp/vu/JVNVU99673580/index.html • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG) •

CVSS: 5.3EPSS: 0%CPEs: 218EXPL: 0

CVE-2022-25162

https://notcve.org/view.php?id=CVE-2022-25162

18 May 2022 — Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior and versions prior to 1.073, MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric ME... • https://jvn.jp/vu/JVNVU95926817/index.html • CWE-20: Improper Input Validation •

CVSS: 8.6EPSS: 0%CPEs: 218EXPL: 0

CVE-2022-25161

https://notcve.org/view.php?id=CVE-2022-25161

CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-5665

https://notcve.org/view.php?id=CVE-2020-5665

14 Dec 2020 — Improper check or handling of exceptional conditions in MELSEC iQ-F series FX5U(C) CPU unit firmware version 1.060 and earlier allows an attacker to cause a denial-of-service (DoS) condition on program execution and communication by sending a specially crafted ARP packet. Una comprobación o manejo inapropiado de condiciones excepcionales en la unidad CPU FX5U(C) de MELSEC iQ-F series versión 1.060 y anterior, permite a un atacante causar una condición de denegación de servicio (DoS) en una ejecución del pro... • https://jvn.jp/vu/JVNVU95638588/index.html •

CVSS: 7.5EPSS: 0%CPEs: 92EXPL: 0

CVE-2020-5527

https://notcve.org/view.php?id=CVE-2020-5527

30 Mar 2020 — When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functi... • https://jvn.jp/en/vu/JVNVU91553662/index.html • CWE-400: Uncontrolled Resource Consumption •